
Victim of Circumstance


bhern@spamcop.net


A couple weeks back, I posted a note to a mailing list of about 1000 members; immediately after my posting, I began receiving random messages from randomly generated email addresses, the mark of one of the latest viral variants (the standard "HI", "Test", "Server Report", etc. subjects with the viral payload as an attachment). And of course, I'm now also receiving all of the bounce messages from the OTHER targets of this attack, since it's spoofing my email address along with everyone else.

(I should point out that I used a different email account for this message other than spamcop -- yeah, yeah, I know...)

In looking at the message headers, I see that it's coming from the following domain/server:

user19.net518.tx.sprint-hsd.net

With that knowledge, what can I do to shut down the attacks or at least filter them from my inbox? Apparently the person involved is either oblivious or unable to deal with it (I'm guessing the former).

Thanks for any guidance -- I'm using Outlook on the client end of things, to the extent that that matters.


Your mail server administrator may be able to block connections from the IP Address 65.40.203.19 that is infected. If you are a SpamCop Email System Customer, you can filter on that IP Address or name.


I find it helps to report them to the abuse desk of the IP address they are coming from or some people say the report gets more attention if you send it to security [at] .

You can find out the reporting address by parsing the headers thru spamcop (just remember to CANCEL the report as viruses are not to be reported through spamcop).

Usually they stop pretty quickly. Though if you get a lot then it is hard to keep up with the manual reporting and you may want to filter them out and delete.

Miss Betsy


That's a bummer. :( It happens sometimes that the service providers won't do anything to help. You could start looking for bitchlist addresses. But that's time consuming also. When my hotmail account got hit by Sobig, I just chose the contacts only mode. And I am sorry that I don't know anything about Outlook. If you filtered on subject line or possibly if the email had an attachment (especially if you don't get emails with attachments at that address). In OE, you can do something about attachments in the Options.

Miss Betsy


Worst case, you could also give these folks a call or at least add the e-mail address to your list of targets ... no guarantees that it's the right office, etc., but at least it's a starting point .. depends on just how worked up you are at this point.

TechPhone: +1-407-741-0500

TechEmail: support[at]sprint-hsd.net


I got a lot of Klez. I tried various methods to get ISPs to take action.

In a very small fraction of cases (involving small ISPs) I was successful. In fact, after my repeated calls to one small ISP in Texas, a support guy said he had personally cleaned the customer's infected machine!

But my efforts were mostly a waste of time. In some cases, I was able to get the actual e-mail address of the person who was actually infected (for example, when AOL or Compuserve added the X-Apparently-From header disclosing the actual sender). I could sometimes google information about these people. I had no better luck with them. For example, a lawyer in Chicago Klezzed me for several months. I sent her an e-mail whenever she Klezzed me. She ignored them. I called her. She hung up on me.

In hindsight, I wouldn't have bothered with any of that. The reward was so minuscule for the amount of time I invested.

Now the viruses never reach me--that's one of the reasons why spamcop mail is so fantastic. Out of sight, out of mind.


Archived

This topic is now archived and is closed to further replies.
